Getting Started
Kanshin is a management portal — a web console where administrators configure identity for their organization. This page covers signing in, the organization model, and a tour of the console.
Signing in
You reach Kanshin at its portal address and choose Sign In. Kanshin does not ask you for a password directly; instead it hands you to Kanshin’s authentication service, which signs you in and returns you to the portal. This is the same standards-based single sign-on (OpenID Connect) that Kanshin provides to your applications — the portal uses it too.
Organizations and realms
Kanshin is built around two ideas:
- An organization (also called a tenant) is your company’s isolated space in Kanshin. Every user, application, group, role, and policy belongs to exactly one organization, and organizations are fully isolated from one another.
- A realm is an environment within an organization — for example a production realm and a staging realm. Realms let you keep your live identity configuration separate from where you test changes. Each realm is marked as production or non-production and can be tagged with a region.
Isolation is enforced by the system, not by convention: when you are working in your organization you can only ever see and change its data, and a request can never reach another organization’s records.
Joining or creating an organization
After you sign in for the first time, Kanshin works out where to send you:
- If someone has invited you to their organization, you will see the invitation and can accept it to join, or decline it.
- If you already belong to one or more organizations, you pick which one to work in.
- If you belong to none, you can create a new organization — you give it a name and a short machine-friendly slug, and you become its first administrator.
You can belong to several organizations and switch between them from the organization switcher in the console; switching changes the entire console to that organization’s data.
A tour of the console
The console is organized into a left-hand menu grouped by area:
| Area | What you manage | Learn more |
|---|---|---|
| Directory | Realms, users, groups, and custom attributes | Organizations & Realms , Users & People |
| Applications | The apps your people sign in to, and who may use them | Applications , Application Access |
| Security | Roles, members, authenticators (MFA), and policies | Roles & Permissions , Multi-Factor Authentication , Security Policies |
| Settings | Your organization profile, administrators, and audit log | Sessions, Audit & Security |
Related pages
- Organizations & Realms — the isolation model in depth
- Users & People — adding the people in your organization
- Members & Invitations — inviting others into your organization